pfSense Gold Subscription

Author Topic: No squid packages will start (user 'squid' not found) on 2.1-DEVELOPMENT  (Read 11753 times)

0 Members and 1 Guest are viewing this topic.

Offline kchr

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
I have tried installing all of the available squid packages (squid, squid-reverse, squid3), but none of them will start...

It seems that all of the squid binaries try to run as the system user "squid", which is not present on the pfSense system. Looking through the install scripts it seems that it tries to configure squid to run as the "proxy" user, which is present on the system, but the squid binaries try to run as the "squid" user anyway...

Currently running 2.1-DEVELOPMENT i386 from git (branch 'master'),
built on Mon Dec 12 17:53:52 EST 2011
FreeBSD 8.1-RELEASE-p6 (Originally installed using the 2.1-RELEASE-i386 image)

Anyone else having this problem? See an excerpt of my system logs below, from trying to start squid:

Jan 25 13:49:06    squid[43609]: getpwnam failed to find userid for effective user 'squid'
Jan 25 12:49:06    php: /pkg_edit.php: The command '/usr/local/sbin/squid -k kill' returned exit code '134', the output was 'FATAL: getpwnam failed to find userid for effective user 'squid' Squid Cache (Version 2.7.STABLE9): Terminated abnormally. CPU Usage: 0.013 seconds = 0.007 user + 0.007 sys Maximum Resident Size: 2208 KB Page faults with physical i/o: 0 Abort trap'
Jan 25 12:49:06    kernel: pid 43609 (squid), uid 0: exited on signal 6
Jan 25 13:49:06    squid[43875]: getpwnam failed to find userid for effective user 'squid'
Jan 25 12:49:06    php: /pkg_edit.php: The command '/usr/local/sbin/squid -z' returned exit code '134', the output was 'FATAL: getpwnam failed to find userid for effective user 'squid' Squid Cache (Version 2.7.STABLE9): Terminated abnormally. CPU Usage: 0.013 seconds = 0.013 user + 0.000 sys Maximum Resident Size: 2304 KB Page faults with physical i/o: 0 Abort trap'
Jan 25 12:49:06    kernel: pid 43875 (squid), uid 0: exited on signal 6
Jan 25 12:49:06    php: /pkg_edit.php: Starting Squid
Jan 25 13:49:06    squid[44239]: getpwnam failed to find userid for effective user 'squid'
Jan 25 12:49:06    php: /pkg_edit.php: The command '/usr/local/sbin/squid' returned exit code '134', the output was 'FATAL: getpwnam failed to find userid for effective user 'squid' Squid Cache (Version 2.7.STABLE9): Terminated abnormally. CPU Usage: 0.013 seconds = 0.007 user + 0.007 sys Maximum Resident Size: 2304 KB Page faults with physical i/o: 0 Abort trap'
Jan 25 12:49:06    kernel: pid 44239 (squid), uid 0: exited on signal 6

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 9985
  • Karma: +2/-0
    • View Profile
Re: No squid packages will start (user 'squid' not found) on 2.1-DEVELOPMENT
« Reply #1 on: January 25, 2012, 07:50:25 am »
Try pw useradd squid on console.
« Last Edit: January 25, 2012, 08:01:54 am by marcelloc »

Offline kchr

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: No squid packages will start (user 'squid' not found) on 2.1-DEVELOPMENT
« Reply #2 on: January 25, 2012, 07:59:01 am »
I just did the following, which seem to have solved the problems:

# pw useradd -g proxy -s /sbin/nologin -d /var/squid -n squid
# chown -R squid /var/squid

Offline kchr

  • Newbie
  • *
  • Posts: 6
  • Karma: +0/-0
    • View Profile
Re: No squid packages will start (user 'squid' not found) on 2.1-DEVELOPMENT
« Reply #3 on: January 25, 2012, 08:39:08 am »
Running the squid-reverse package right now, and the squid binary starts as I have added a "squid" user, but something seem to change the owner of the /var/squid directories when it starts:

# ls -l /var/squid/logs/access.log
-rw-r-----  1 proxy  proxy  59985 Jan 25 15:38 /var/squid/logs/access.log


Which show up like the following in the system logs:

Jan 25 15:37:14    squid[8697]: Squid Parent: child process 55094 started
Jan 25 15:37:14    squid[55094]: Cannot open '/var/squid/logs/access.log' for writing. The parent directory must be writeable by the user 'squid', which is the cache_effective_user set in squid.conf.
Jan 25 15:37:14    squid[8697]: Squid Parent: child process 55094 exited due to signal 6
Jan 25 14:37:14    kernel: pid 55094 (squid), uid 1003: exited on signal 6
Jan 25 15:37:14    squid[8697]: Exiting due to repeated, frequent failures

Offline eXtermia

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: No squid packages will start (user 'squid' not found) on 2.1-DEVELOPMENT
« Reply #4 on: February 12, 2012, 09:30:01 am »
I have the exact same errors. I can chown or even squid -z what ever the next time it starts i lose permission to the logs and the cache. Then it dies.

With Squid 2.x and 3.x as well as the Reverse squid package. This is using 2.1-DEVELOPMENT (amd64)
built on Mon Dec 12 18:16:13 EST 2011

/usr/local/sbin(8): squid -z           2012/02/12 03:39:22| Creating Swap Directories
FATAL: Failed to make swap directory /var/squid/cache/01/00: (13) Permission denied
Squid Cache (Version 2.7.STABLE9): Terminated abnormally.
CPU Usage: 0.002 seconds = 0.000 user + 0.002 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0

[2.1-DEVELOPMENT][root@pfsense.]/usr/local/sbin(28): chown squid /var/squid/cache/0A
[2.1-DEVELOPMENT][root@pfsense.]/usr/local/sbin(29): chown squid /var/squid/cache/0B
[2.1-DEVELOPMENT][root@pfsense.]/usr/local/sbin(30): chown squid /var/squid/cache/0C
[2.1-DEVELOPMENT][root@pfsense.]/usr/local/sbin(31): chown squid /var/squid/cache/0D
\[2.1-DEVELOPMENT][root@pfsense.]/usr/local/sbin(32): chown squid /var/quid/cache/0E
\[2.1-DEVELOPMENT][root@pfsense.]/usr/local/sbin(33): chown squid /var/quid/cache/0F
[2.1-DEVELOPMENT][root@pfsense.]/usr/local/sbin(34): squid -z          2012/02/12 03:41:02| Creating Swap Directories
[2.1-DEVELOPMENT][root@pfsense.]/usr/local/sbin(35): chown squid /var/squid/logs/
[2.1-DEVELOPMENT][root@pfsense.]/usr/local/sbin(36): chown squid /var/squid/logs/access.log
[2.1-DEVELOPMENT][root@pfsense.]/usr/local/sbin(37): pw useradd -g proxy -s /sbin/nologin -d /var/squid -n squid
pw: login name `squid' already exists
[2.1-DEVELOPMENT][root@pfsense.]/usr/local/sbin(38): squid -z          2012/02/12 03:47:18| Creating Swap Directories
[2.1-DEVELOPMENT][root@pfsense.]/usr/local/sbin(39): squid -k shutdown
squid: ERROR: No running copy
[2.1-DEVELOPMENT][root@]/usr/local/sbin(40): squid -k rotate
squid: ERROR: No running copy
[2.1-DEVELOPMENT][root@pfsense.]/usr/local/sbin(42): chown squid /var/squid/logs/store.log
[2.1-DEVELOPMENT][root@pfsense.]/usr/local/sbin(43):
[2.1-DEVELOPMENT][root@pfsense.]/usr/local/sbin(43): 2012/02/12 03:40:24| Creating Swap Directories
FATAL: Failed to make swap directory /var/squid/cache/09/00: (13) Permission denied


this goes for the logs too ( i fixed those first then had problems with the cache)

after I got everything running the service started but the first time I made a change all persmissions were removed again and I lost all
« Last Edit: February 12, 2012, 09:43:43 am by eXtermia »

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 9985
  • Karma: +2/-0
    • View Profile
Re: No squid packages will start (user 'squid' not found) on 2.1-DEVELOPMENT
« Reply #5 on: February 13, 2012, 10:38:17 am »
chown -R squid /var/squid/cache/

or

rm -rf /var/squid/cache/*

then try to start squid.

Offline eXtermia

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: No squid packages will start (user 'squid' not found) on 2.1-DEVELOPMENT
« Reply #6 on: February 21, 2012, 07:41:23 pm »
no go, service starts once but any configuration changes at all results back to

Feb 22 02:41:24   squid[28812]: Squid Parent: child process 26120 started
Feb 22 02:41:24   squid[26120]: Cannot open '/var/squid/logs/access.log' for writing. The parent directory must be writeable by the user 'squid', which is the cache_effective_user set in squid.conf.
Feb 22 02:41:24   squid[28812]: Squid Parent: child process 26120 exited due to signal 6
Feb 22 02:41:24   kernel: pid 26120 (squid), uid 100: exited on signal 6
Feb 22 02:41:27   squid[28812]: Squid Parent: child process 26494 started
Feb 22 02:41:27   squid[26494]: Cannot open '/var/squid/logs/access.log' for writing. The parent directory must be writeable by the user 'squid', which is the cache_effective_user set in squid.conf.
Feb 22 02:41:27   squid[28812]: Squid Parent: child process 26494 exited due to signal 6
Feb 22 02:41:27   kernel: pid 26494 (squid), uid 100: exited on signal 6
Feb 22 02:41:27   squid[28812]: Exiting due to repeated, frequent failures


strangest thing is I changed the logs  to '/var/squid/logs123' but the error still shows up as   Cannot open '/var/squid/logs/access.log' for writing. even although the /usr/local/etc/squid/squid.conf
says

icon_directory /usr/local/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log /var/squid/log123/access.log
cache_log /var/squid/log123/cache.log
cache_store_log none
I have repeatedly chown the log folder
but as soon as the sevices starts, stops, or reconfigures it goes back to failing

even disabling the logging makes no change
« Last Edit: February 21, 2012, 08:07:30 pm by eXtermia »

Offline eXtermia

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: No squid packages will start (user 'squid' not found) on 2.1-DEVELOPMENT
« Reply #7 on: February 28, 2012, 05:30:59 pm »
even more strange news.

Still same problems from the web interface but if I

/usr/local/sbin(127): squid -s

/usr/local/sbin(128): ps ax | grep squid
 3130  ??  Is     0:00.00 /usr/pbi/squid-amd64/sbin/squid -s
 3284  ??  S      0:00.02 (squid) -s (squid)
55633   0  R+     0:00.00 grep squid

/usr/local/sbin(129): squid -k reconfigure


squid runs but as soon as I change ANYTHING in the web GUI I again have to
 chown -R squid /var/squid/

and then
squid -s to get it to run again

restarting from the GUI it always fails and always lets the permissons on the access.log unaccessible.

but running the command from shell it works again like above.. a wth moment or what?

Offline phil.davis

  • Hero Member
  • *****
  • Posts: 2358
  • Karma: +4/-0
    • View Profile
    • International Nepal Fellowship
I have all the same issues on a 1G nanobsd system running 2.1-DEVELOPMENT

After installing Squid from the package installer web interface I had to:

pw useradd -g proxy -s /sbin/nologin -d /var/squid -n squid
chown -R squid /var/squid
mkdir /var/squid/cache
squid -z

It looks like it starts OK from the WebGUI, /var/squid/logs/cache.log has good looking stuff in it, the system log looks like it has started a process for the service. But "ps ax | grep squid" doesn't find a process any more! It disappears for some reason that I haven't worked out yet.

squid -s

starts it happily and it runs.

So there are issues with the Squid installation scripts and startup mechanism on 2.1-DEVELOPMENT.

Note: 2.1-DEVELOPMENT uses the PBI package system. It fetches the squid 2.7.9-1 pbi ffile and installs it.
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

Offline phil.davis

  • Hero Member
  • *****
  • Posts: 2358
  • Karma: +4/-0
    • View Profile
    • International Nepal Fellowship
Since the /var filesystem is only transient on the nanobsd, the /var/squid stuff does not get recreated after a reboot. So, on 2.1-DEVELOPMENT, after startup, to get Squid going, the following is done from a command prompt:

chown -R squid /var/squid
mkdir /var/squid/cache
chown -R squid /var/squid/cache
squid -z
squid -s

The squid username is preserved - that lives in /etc/passwd on the CF card.
The /var/squid dir got created by something, so there must be some script that is trying to setup things for squid, but doesn't get too far.
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14978
  • Karma: +4/-0
    • View Profile
That should be all done by squid_resync() that should be run when squid starts at bootup.

Next time you reboot, try to do something like this in Diag > Command, PHP exec box:
include 'squid.inc';
squid_resync();

then see if it works.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline phil.davis

  • Hero Member
  • *****
  • Posts: 2358
  • Karma: +4/-0
    • View Profile
    • International Nepal Fellowship
As suggested, after rebooting, I did:
include 'squid.inc';
squid_resync();

No joy, the system log complains that there is no /var/squid/cache dir.
> ls -ld /var/squid
drwxr-xr-x  5 proxy  proxy  512 Mar  8 11:19 /var/squid

The squid dir is owned by proxy, not by squid.

After manually resetting the owner, creating /var/squid/cache and doing "squid -z", "squid -s" it is fine. But then after a while (I think after doing other stuff in the web GUI) /var/squid goes back to being owned by proxy and squid does not work any more. So it seems that there is code in webGUI php scripts somewhere that doesn't set the squid owner correctly - if that is fixed then maybe all the downstream effects/problems will be resolved.
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

Offline phil.davis

  • Hero Member
  • *****
  • Posts: 2358
  • Karma: +4/-0
    • View Profile
    • International Nepal Fellowship
The difference between 2.0.1 and 2.1-DEVELOPMENT is that the package is installed using a PBI. The "squid" program in /usr/local/sbin is now just a link to:
/usr/pbi/squid-i386/.sbin/squid

There is a default squid.conf in:
/usr/pbi/squid-i386/.etc/squid/squid.conf

The system seems to be using this conf file, which specifies cache_effective_user squid - and from that point all the /var/squid file owner issues occur.

The conf file that is supposed to be used is /usr/local/etc/squid/squid.conf

I modified /usr/local/pkg/squid.inc - on the end of all places that run "/usr/local/sbin/squid -D" add " -f /usr/local/etc/squid/squid.conf"
That makes it use the pfSense-specific squid.conf file.

There are still places that do "squid -k" commands to get Squid to reread its conf file, and I get some messages about 'squid: ERROR: No running copy' - I think that adding the "-f" parameter means that other checks for the squid process might need to be modified.

An easier solution might be to put an actual copy of the squid program into /usr/local/sbin rather than a link, then it might find its conf file OK?
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

Offline phil.davis

  • Hero Member
  • *****
  • Posts: 2358
  • Karma: +4/-0
    • View Profile
    • International Nepal Fellowship
I tried putting a real copy of the squid program in /usr/local/sbin
That doesn't work, it still uses /usr/pbi/squid-i386/etc/squid/squid.conf
It seems that the default squid.conf location is an absolute path hard-coded into the program. I was hoping that it would be a relative path (relative to the location that the squid program was run from), but not so.

I have got Squid and SquidGuard running nicely on 2.0.1-DEVELOPMENT by editing /usr/local/pkg/squid.inc
(a) Change all the occurrences of "squid -D" to "squid -D -f /usr/local/etc/squid/squid.conf"
(b) Change all the occurrences of "squid -k *" to "squid -k * -f /usr/local/etc/squid/squid.conf"
    (where * is reconfigure, rotate, shutdown, kill)

(a) makes it use the correct conf file at startup.
(b) makes it find the squid process to change its configuration, rotate log files or stop it.

These changes are also needed in:
squid_ng.xml
squidguard_configurator.inc
swapstate_check.php

Whoever maintains the squid package, can they make this change (or another better designed one) to squid.inc for 2.1?
« Last Edit: March 09, 2012, 06:02:06 am by phil.davis »
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

Offline phil.davis

  • Hero Member
  • *****
  • Posts: 2358
  • Karma: +4/-0
    • View Profile
    • International Nepal Fellowship
I suspect that Squid Traffic Management will not work (but I haven't tested it).
/var/squid/logs/cache.log reports unrecognized parameters on squid startup, lines like
parseConfigFile: squid.conf:58 unrecognized: 'delay_pools'
This happens for delay_pools, delay_class, delay_parameters, delay_initial and delay_access.
It looks like squid needs to be compiled with --enable_delay_pools - the supplied version in the pbi maybe does not have this compiler flag set?

None of these parseConfigFile messages are in the log on my 2.0.1 nanobsd system.
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/